OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [security-services] Third-party AuthnRequest use case

> Just to clarify, the typical portal scenario that we see is where the 
> portal is directing users authenticated by an IdP in its own 
> organization to SPs in other organizations. In this case, I wouldn't 
> expect the portal to be authorized to sign AuthnRequests on behalf of 
> those SPs.

Why not? Isn't that what's happening if you want signing? I guess I figured
this was much *more* likely if the portal was in the same domain as the IdP.
If not, it's much less likely that such impersonation could be permitted.

Of course I'm not saying people must do this, I'm just trying to see whether
signing should be just ruled out as completely incompatible with the use
case or not...which I'd say your response would imply?

At least without a protocol to initiate the request process at an SP, which
isn't defined now.

-- Scott

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]